Security of our Information Systems

1 - Complexity and vulnerability

Modern information systems consist of a large number of hardware and software layers. Any of these hardware or software layers can be vulnerable and become the source of a security breach.

Security must therefore be considered in a global way and involves, first and foremost, simplifying information systems. Our information system is thus the result of multiple simplification choices, all of which aim to reduce its attack surface and therefore its vulnerability.

However, an information system should never, by its very nature, be considered completely secure. For this reason, we cannot guarantee you absolute security of our information system. Vulnerabilities will always appear unpredictably and we will never be immune to the possible exploitation of one of them. However, we can guarantee you very good relative security through the delivery of professionally secured web solutions.

2 - Transparency and vulnerability

We have chosen to list below some of the security features of our information systems.

This may seem risky, since it provides information to a potential attacker. This is often the reason given for not justifying the security measures that have been put in place.

For us, it is a risk worth taking. Transparency is a source of dialogue with our customers, who are the first to be interested in the security of our information systems. This transparency then becomes a source of improvement.

3 - Personal computers

Our personal computers are Apple MacBook Pro. Security updates of macOS and other installed software are applied immediately. Other updates of macOS and of the software used on these machines are checked for and applied once a week.

These updates are detected through the App Store, CleanMyMac X and manual checks.

Our machines are protected by the Sophos security solution, which provides, among other things, real-time anti-virus protection and maintains a blacklist of websites not to be visited.

The Internet connections of the software installed on our personal computers are monitored using the Little Snitch solution.

Our personal computers are used for development and store all our data both locally and remotely. Locally, the data is encrypted by macOS and protected by the macOS firewall. Remotely, this data is hosted by Tresorit. This Swiss solution provides end-to-end file encryption and version management. End-to-end encryption ensures that files are stored encrypted in the cloud. File versioning is a better response to ransomware than backups alone.

4 - Mobile phones

Our mobile phones are Apple iPhones. iOS security updates are applied immediately. The hardware and software integration of Apple iPhone ensures that the iOS operating system is regularly updated throughout the use of these mobile phones.

We limit the professional applications used on these mobile phones to what is strictly necessary. These applications are G Suite, Skype, Zulip, LinkedIn and AirBnB. No other professional applications and no personal applications such as Facebook or Candy Crush are installed, in order to reduce the attack surface of these devices.

Our password manager (see article 10 below) is not installed on our mobile phones. We do not access the administration system of our information system from our Apple iPhones.

5 - Web application servers

Our web application servers are hosted by the Finnish company UpCloud. They use the open source operating system Ubuntu Server 18.04 LTS with guaranteed support until April 2023. These Ubuntu operating systems are updated once a week after a full backup of the concerned servers.

Our servers are protected by a firewall and watched by monitoring software. In particular, the firewall opens only the necessary ports and may restrict access to authorized fixed IP addresses. The monitoring software allows us, among other things, to detect abnormal activity on our servers and to inform us about it in real time.

Each virtual server is dedicated to a single client and a single application. The database(s) required for this application are also dedicated to this single client. Thus, a customer can never have access to another customer’s data.

Our servers can be located, at the customer’s choice, in:

  • London (United Kingdom),
  • Amsterdam (Netherlands),
  • Frankfurt (Germany),
  • Helsinki (Finland),
  • San Jose (United States),
  • Chicago (United States),
  • or Singapore.

Our servers are fully backed up once a day.

Our servers are fully backed up before their operating system is updated.

These backups complement the backups performed at the level of our applications (see Articles 6, 7, 8 and 9).

6 - Websites - WordPress

WordPress is our only tool for designing our websites and those of our customers. WordPress is an Open Source solution supported by a very large community of developers and users. It is one of the most widely used Content Management Systems today.

WordPress security updates are applied immediately and automatically. Other WordPress updates as well as theme and extension updates are done once a week.

Our WordPress sites are protected by a security solution.

Administrator logins are immediately reported and verified. Users, internal or external, have access only to the functions they strictly need. All actions of administrators and users are recorded in real time in a logbook.

Our WordPress sites are backed up, at the application level, once a day. Backups are transmitted encrypted and archived in two separate data centers, one in France and the other in the Netherlands. The proper execution of these backups is checked once a week. The operational capacity of these backups is tested once a month.

Our WordPress sites are also backed up, at the server level, along with the entire server, once a day (see article 5).

We use, on all our WordPress sites, only about twenty extensions that we have known for many years.

Our forms are protected by the Google reCAPTCHA solution.

7 - Web applications - Laravel

Laravel is our only tool to design our web applications. Laravel is an Open Source solution supported by a very large community of developers. It is one of the most widely used PHP frameworks today.

Laravel’s security updates are applied immediately. Other updates of Laravel as well as updates of its additional components are done once a week.

The management of access, roles, backups and components follows a selection, testing, deployment, development and stabilization process that is optimized for each application.

8 - WinTheDeals - EspoCRM Hosting

We selected EspoCRM for the following reasons:

  • Open Source Solution
  • Expertise of the developer community
  • Quality dedicated PHP framework
  • Intelligent use of the relational database
  • Efficient and simple user interface
  • Advanced CRM features

The quality of the solution is the basis for its security.

EspoCRM is regularly improved by its developer community. New updates appear several times a month.

We monitor these updates and implement them on our servers once a week.

Our EspoCRM applications are backed up, databases and files, at our infrastructure level, every two hours. The proper execution of these backups is checked once a week. The operational capacity of these backups is tested once a month.

Our EspoCRM applications are also backed up, at the server level, at the same time as the entire server, once a day (see article 5).

9 - Zolandia - Zulip Hosting

We selected Zulip for the following reasons:

  • Open Source Solution
  • Expertise of the developer community
  • Django, quality Python framework
  • Efficient and simple user interface
  • Advanced Chat Features

The quality of the solution is the basis for its security.

Zulip is regularly improved by its developer community. New updates appear several times a year.

We track these updates and implement them on our servers within a week of their release.

Our Zulip applications are backed up, at the server level, at the same time as the entire server, once a day (see article 5).

10 - Password manager

We use the KeePassXC Open Source password manager. Before each update, the downloaded code is checked against the original published code. We update KeePassXC as soon as each new version is released.
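As an added illustration of the check described above (this is not WebZenitude's own tooling, and it is not KeePassXC's code), the following script verifies a downloaded release against its published SHA-256 digest file and its detached GPG signature before the update is installed. It assumes the digest file uses the `sha256sum` line format, that the signature is detached, and that `RELEASE_KEY_FPR` is a placeholder for the project's signing-key fingerprint obtained out of band.

```shell
#!/bin/sh
# Added example: verify a downloaded release before updating.
# RELEASE_KEY_FPR is a placeholder (40 hex chars, no spaces); obtain the
# real fingerprint from the project's own documentation, not from the
# download server alone.
RELEASE_KEY_FPR="${RELEASE_KEY_FPR:-PLACEHOLDER_SIGNING_KEY_FINGERPRINT}"

sha256_of() {
    # Portable SHA-256: coreutils sha256sum on Linux, shasum on macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_digest FILE DIGESTFILE
# Succeeds only when DIGESTFILE has an entry for FILE's basename
# ("<hex>  <name>" or "<hex> *<name>") matching the file's real hash.
verify_digest() {
    file="$1"; digestfile="$2"
    name=$(basename "$file")
    expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f);
                                  if (f == n) print tolower($1) }' "$digestfile")
    [ -n "$expected" ] || return 1
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# verify_signature FILE SIGFILE
# Succeeds only when gpg reports VALIDSIG made by the expected key; a
# merely "good" signature from some other key is rejected.
verify_signature() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    echo "$status" | grep -q "^\[GNUPG:\] VALIDSIG $RELEASE_KEY_FPR "
}

# verify_release FILE
# Assumed naming: FILE.DIGEST and FILE.sig sit beside the download.
verify_release() {
    verify_digest "$1" "$1.DIGEST" && verify_signature "$1" "$1.sig"
}
```

Run `verify_release ./downloaded-package` and install only when it exits 0; a failure of either check means the download must not be trusted.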

Each generated password is a strong password that is used only once in our information system.

The KeePassXC database is encrypted twice (by the application and again in transit) and stored in Tresorit.

Backups are made weekly and stored encrypted, on USB sticks, in two different physical locations.

11 - Two-Factor Verification

We most often use the FreeOTP Open Source two-factor verification solution. This solution is sponsored and published by Red Hat. We also use two-factor verification systems using SMS or email when they are the only ones available.

This two-factor verification is used for all critical components of our information system. This is particularly the case for:

  • G Suite, to protect our mail,
  • Gandi, to protect our domain names and DNS redirections,
  • UpCloud, to protect our servers.

12 - Monitoring and knowledge base

We maintain a comprehensive knowledge base dedicated to security on a daily basis, based on multiple sources of information. This allows us to learn about the vulnerabilities of our software solutions as soon as they are made public.

We apply security updates that address these vulnerabilities very quickly, usually within hours of their release.

This knowledge base is also used to raise our customers’ awareness of the ever-changing nature of IT threats.

13 - Principles for selecting solutions

We focus on Open Source solutions supported by large communities. In some cases, we choose proprietary solutions when justified by their excellence or specialization.

We prefer European solutions because they often offer more guarantees of security and privacy than, generally, solutions from the United States. In some cases, we use solutions from other parts of the world when they do not have equivalents in Europe.

When a European alternative solution appears and offers more security than our current solution, we set up a migration plan. This is what we did when we replaced the American Dropbox solution with the Swiss Tresorit solution.

14 - Financial independence

The security of your information systems also depends on the financial strength and independence of your subcontractors and suppliers. In the event of a takeover of the company, your data may be outsourced, shared or compromised. In the event of a business failure, your data may be temporarily unavailable or even lost.

WebZenitude is a financially independent company:

  • 100% of its shares are held by its founder.
  • It is developing by its own means without recourse to venture capital or debt.
  • It is up to date with the payment of its taxes and social contributions.
  • There are no ongoing customer disputes.
  • Only invoices issued are recorded. Future invoices are not taken into account.
  • Developments of our solutions are neither capitalized nor recorded. They are not subject to research tax credits.

WebZenitude does not foresee any change in its “slow growth” mode of development or in its financial independence.

Our customers can thus count on:

  • our professionalism thanks to our slow and steady growth.
  • our sustainability thanks to our financial independence.
  • our resilience in the event of an economic recession thanks to a low and controlled break-even point.

15 - Metadata

Creation date: August 6, 2019
Update date: September 17, 2019
Version: 005

16 - Additional information

You can obtain this information by using our contact form.

We guarantee you fast answers.

35 chemin des Bourguignons
88160 - Le Thillot
France

SAS with a capital of 5.000 €
RCS Epinal : 813 629 060 00019
N° TVA : FR 47 813 629 060